If you’re in PCI pain, here’s how you can get some relief.

By Reported Donna Loyle

11. Regularly test security systems and processes.

12. Maintain a policy that addresses information security.

Each of these 12 requirements has several subcategories of compliance procedures. For example, to comply with requirement No. 3, you must not store sensitive authentication data (e.g., card-validation codes) after authorization has been given. You must mask customers’ full credit card numbers when they’re being displayed across your contact center (the last six or four digits can be displayed). And you must render cardholder data unreadable wherever it’s stored, including on your nightly backup tapes.